Re: [Users] Otopi pre-seeded answers and firewall settings

------=_Part_8252146_2085019966.1395820262425 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit I now asked Sandro and he told me the obvious: In the "New Host" form there is a checkbox for that :-) In hosted-engine we do not support that, it's always set - ' override_iptables=True ' in [1]. You can open a bug if you want, to make this configurable. It might make sense to use the value input in the question about iptables, but these are different issues. [1] http://gerrit.ovirt.org/gitweb?p=ovirt-hosted-engine-setup.git;a=blob;f=s... -- Didi ------=_Part_8252146_2085019966.1395820262425 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable <html><body><div style=3D"font-family: times new roman, new york, times, se= rif; font-size: 12pt; color: #000000"><div></div><blockquote style=3D"borde= r-left:2px solid #1010FF;margin-left:5px;padding-left:5px;color:#000;font-w= eight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,A= rial,sans-serif;font-size:12pt;"><b>From: </b>"Giuseppe Ragusa" &lt;giusepp= e.ragusa(a)hotmail.com&amp;gt;&lt;br&gt;&lt;b&gt;To: </b>"Yedidyah Bar David" &lt;didi@redhat= .com&gt;<br><b>Cc: </b&gt;&quot;Users(a)ovirt.org&quot; &amp;lt;users(a)ovirt.org&amp;gt;&lt;br&gt;&lt;b&gt;Sent= : </b>Tuesday, March 25, 2014 11:49:36 PM<br><b>Subject: </b>RE: [Users] Ot= opi pre-seeded answers and firewall settings<br><div><br></div><style><!-- .hmmessage P { margin:0px; padding:0px } body.hmmessage { font-size: 12pt; font-family:Calibri } --></style><div dir=3D"ltr">Hi Didi,<br>many thanks for your invaluable hel= p!<br><div><br></div>I'll try your suggestion (/etc/ovirt-host-deploy.conf.= d/99-prevent-iptables.conf) asap and then I will report back.<br><div><br><= /div>By the way: I have a really custom iptables setup (multiple separated = networks on hypervisor hosts), so I suppose it's best to hand tune firewall= rules and then leave them alone (I pre-configure them, so the setup proced= ure won't be impeded in its communication needs anyway AND I will always gu= arantee the most stringent filtering possible with default deny ecc.).</div= ious: In the "New Host" form there is a checkbox for that :-)</div><div><br= an style=3D"font-family: monospace; font-size: 12px; white-space: pre; back= ground-color: #ffffff;" data-mce-style=3D"font-family: monospace; font-size= : 12px; white-space: pre; background-color: #ffffff;">override_iptables=3DT= rue</span>' in [1].</div><div><br></div><div>You can open a bug if you want= , to make this configurable.</div><div><br></div><div>It might make sense t= o use the value input in the question about iptables, but these are differe= nt issues.</div><div><br></div><div>[1]&nbsp;<a href=3D"http://gerrit.ovirt= .org/gitweb?p=3Dovirt-hosted-engine-setup.git;a=3Dblob;f=3Dsrc/plugins/ovir= t-hosted-engine-setup/engine/add_host.py" data-mce-href=3D"http://gerrit.ov= irt.org/gitweb?p=3Dovirt-hosted-engine-setup.git;a=3Dblob;f=3Dsrc/plugins/o= virt-hosted-engine-setup/engine/add_host.py">http://gerrit.ovirt.... ?p=3Dovirt-hosted-engine-setup.git;a=3Dblob;f=3Dsrc/plugins/ovirt-hosted-en= gine-setup/engine/add_host.py</a></div><div><span style=3D"font-size: 12pt;= ">--&nbsp;</span></div><div><span name=3D"x"></span>Didi<br><span name=3D"x= "></span><br></div><style><!-- .ExternalClass .ecxhmmessage P { padding:0px; } .ExternalClass body.ecxhmmessage { font-size:12pt; font-family:Calibri; } --></style></div></body></html> ------=_Part_8252146_2085019966.1395820262425--